CERT Training and Education

Quotes to Ponder

Homeland security begins at home.
- Various on the Internet

Property has its duties as well as its rights.
- Thomas Drummond (1797-1840)

Goals

Aware - Understand the issues
• Learn about Home Computer Security issues.

Knowledgeable - Skills to do something
• References contain specific technology examples and checklists.

Educated - Foundation for the future
• Fundamental issues are highlighted.

Home Computer Security

• Guide to improving the security of your home computer
• Technology independent explanation
• Examples using Windows 2000
• Checklists

http://www.cert.org/homeusers/HomeComputerSecurity/

Topics

Introduction

Things you should
• know about security
• do to your home computer - tasks
• do when using any computer - practices

What Problem Are We Solving?

What’s yours is yours until you say otherwise!

Keep computer-based possessions yours.

Examples:
• CPU cycles
• memory
• disk space and contents
  - your files
  - software you’ve bought
• Internet connectivity
• not a new idea
• What locks exist?
• How are they used?

http://www.cert.org/homeusers/goalof_computersecurity.html

Crime on the Internet

Means +
• software or wetware

Motive +
• Anything worth stealing on the Internet?

Opportunity =
• Internet access readily available

Internet crime!

http://www.cert.org/homeusers/mmo.html

Attack Sophistication vs. Intruder Technical Knowledge

[Figure: chart spanning 1990 to 2003. Axes: Attack Sophistication, Intruder Knowledge. Labels on the chart:]
• email propagation of malicious code
• “stealth”/advanced scanning techniques
• widespread attacks using NNTP to distribute attack
• widespread attacks on DNS infrastructure
• executable code attacks (against browsers)
• automated widespread attacks
• GUI intruder tools
• DDoS attacks
• increase in worms
• sophisticated command & control
• antiforensic techniques
• hijacking sessions
• Internet social engineering attacks
• packet spoofing
• automated probes/scans
• techniques to analyze code for vulnerabilities without source code
• home users targeted
• distributed attack tools
• increase in wide-scale Trojan horse distribution
• Windows-based remote controllable Trojans (Back Orifice)


Why Should I Care?

You are probably either
• a professional or SA at the office
• an owner of a home computer

Therefore, you are a system administrator!
• same responsibilities
• same tasks

And, for home computers
• they are a prime target
• because they are less secure

http://www.cert.org/homeusers/ira_sysadmin.html

Topics

Introduction

Things you should
• know about security
• do to your home computer - tasks
• do when using any computer - practices

Trust - 1

We are trusting by nature.
The Internet is built on trust.
But the world has changed.
Trust by itself is no longer sufficient.
Consider a cereal box.

Trust - 2

Now imagine a web browser showing the lock on a web page. Who says that the lock represents an SSL or otherwise encrypted page?

Trust - 3

Chain of custody of bits, from construction to consumption

Information in the Clear

[Illustration: messages reading “Dear Mom, I have some news” and “My account number is”]

• Eavesdropping
• Identity theft
• Dumpster diving

How the Internet Works - 1

How the Internet Works - 2

Email is in the Clear

http://www.cert.org/homeusers/email_postcard.html

Topics

Introduction

Things you should
• know about security
• do to your home computer - tasks
• do when using any computer - practices

The Nature of Maintenance

All things to “do” are straightforward.
When new, they may even be “fun.”
However, they can get old.
The challenge is to continue to do the task.

Levels of effort required to maintain:
• low - setup plus light maintenance (“fire and forget”)
• medium - setup plus medium maintenance
• high - setup plus significant maintenance

© 2005 Carnegie Mellon University (Lawrence R. Rogers, Author)
Home Computer and Internet User Security
Version 1.0.4 - slide 20



Task: Install and Use Antivirus Software

Easy way to gain control of your computer or account
Violates “trust”

DURCH tests
• Demand - Check files on demand?
• Update - Get new virus signatures automatically?
• Respond - What can be done to infected files?
• Check - Test every file for viruses.
• Heuristics - Does it look like a virus?

Level of effort: low

Task: Keep Your Systems Patched

Unpatched programs are weak spots.
Intruders exploit these to gain access.

• Affected - Is my system affected?
• Break - Does this patch break something else?
• Undo - Can I undo patch installation?

Level of effort:
• patching: low
• what breaks: medium to high
• undoing install: medium to high

Task: Install and Use a Firewall Program

Limit connections to computer
Limit connections from computer based on application
Portable - follows the computer (laptop)

PLAT tests
• Program - What program wants to connect?
• Location - Where does it want to connect?
• Allowed - Yes or no?
• Temporary - Permanent or temporary?

Level of effort:
• install: low
• maintain: high

Speaking of Firewalls

http://www.cert.org/homeusers/HomeComputerSecurity/#4

Task: Use Care when Downloading and Installing Programs

Program may satisfy needs but may harm computer
What does it really do?

LUB tests
• Learn - What does the program do to your computer?
• Understand - Can you return it and completely remove it?
• Buy - Purchase/download from reputable source?

Level of effort: high

Task: Install and Use a Hardware Firewall

Guards all computer systems at home
First layer of defense
Fast
Provides logging
Bundled with cable/DSL router
Bundled with wireless
Default deny setting

Level of effort:
• install: low
• maintain: low

Tasks Summary

□ Install and Use Antivirus Software
□ Keep Your Systems Patched
□ Install and Use a Firewall Program
□ Use Care when Downloading and Installing Programs
□ Install and Use a Hardware Firewall

Some easy, some not so easy
All important

Topics

Introduction

Things you should
• know about security
• do to your home computer - tasks
• do when using any computer - practices

What are Practices?

Practices are steps to follow no matter what computer system you are using.

A home computer is but one instance.

Practice: Use Care When Reading Email with Attachments

Executable content
Interesting to you (social engineering)
Violates trust

KRESV tests
• Know test - Know the sender?
• Received test - Received email before
• Expect test - Did you expect this email?
• Sense test - Does this email make sense?
• Virus test - Contain a virus?

Doesn’t pass all tests? Don’t open!

Level of effort: high

Using KRESV Tests

1. Send introductory email (Know)
   - ask permission to send attachment
2. Qualifies as Received
3. If OK, they will then Expect the email
4. Subject line needs to make Sense
5. Scan attachments for Viruses
6. Send the mail

Level of effort: medium to high

Practice: Make Backups of Important Files and Folders

Can you recover a file or folder if lost?
Does your computer have a “spare tire”?

FOMS tests
• Files - What files should be backed up?
• Often - How often should a backup be made?
• Media - What kind of media should be used?

Level of effort:
• setup: medium to high
• maintaining: medium

Practice: Use Strong Passwords

Passwords are like house keys
Different key for each lock
Brute force attacks
Sniffing clear text

SUPR tests
• Strong - Password strong (length and content)?
• Unique - Unique and unrelated to other passwords?
• Practical - Can you remember it?
• Recent - Have you changed it recently?

Level of effort: medium

The Best Protection

Something you know
+ Something you have
Something you are

The Best Protection

Something You Know

• Username
• Password
• PIN
• Passphrase

Something You Have

Smart cards
• multi-function

Examples
• national ID card
• driver’s license

Something You Are

• Face
• Signature
• Fingerprint
• Retina
• Iris
• Palm geometry




Information Security Model

http://www.cert.org/homeusers/piglatin.html

Data Confidentiality — Access

Internet — Friend or Foe?

Example
• SA posts question to Internet
• Gives details of network
  - hardware
  - software
  - applications
• Email address and telephone for “quick” response

What does a potential intruder now know?

http://www.cert.org/homeusers/internet_friendorfoe.html

Data Confidentiality — Encryption

ATINLAY OPENSYAY UPYAY AYAY
EWNAY ORLDWAY ATTHAY OUYAY
EVERNAY OULDWAY AVEHAY
OUGHTTHAY OSSIBLEPA

Practice: Install and Use Access Controls and File Encryption

Confidentiality - Need to know only
Limit access to files and folders to only those authorized
Confidentiality of printed information

WAF tests
• Who - Which users can access?
• Access - What kind of access?
• Files/Folders - Which need ac

Level of effort: medium to high

[Cartoon caption: “What's the password?”]

Integrity — Can You Prove It?

Ever get a CD in the mail, at home or in the office?

How do you know where it came from?

How do you know what it contains?

What should you do with it?

http://www.cert.org/homeusers/prove-it.html

Practices Summary

□ Use Care When Reading Email with Attachments
□ Make Backups of Important Files and Folders
□ Use Strong Passwords
□ Install and Use Access Controls and File Encryption

Things you do everywhere
Some easy, some not so easy
All important

Knowledge — Apply to Wireless

Confidentiality
• Cannot limit access to airwaves.
• This means encryption (V
• But WEP is weak.
• So use VPN or WAP.
• Disable SSID broadcasts.

Access control
• Use MAC address filtering.
• But MAC addresses can be
• So use 802.1X for user identification.

Is There an Intruder in My Computer?

Normal
• What’s normal behavior?
  - running programs
  - network traffic
  - performance
  - operating system
• hard to do
• vendors don’t help

Abnormal
• need to know what normal is first

Level of effort: high

http://www.cert.org/homeusers/intruder_in_computer.html

There IS an Intruder in My Computer — What Now?

Questions to answer:

1. What changed?
   • What was there before?
   • How did it look?
2. How did they get in?
   • specific files changed
3. Why did they get in?
   • missing patches
   • out-of-date virus list
   • no firewall

Level of effort: high

http://www.cert.org/homeusers/intruder2.html

Questions?

References

The “Larry” Stories
(http://www.cert.org/homeusers)

Home Computer Security Guide
(http://www.cert.org/homeusers/HomeComputerSecurity)

Before You Connect a New Computer to the Internet
(http://www.cert.org/tech_tips/before_you_plug_in.html)

Contact Information

Lawrence R. Rogers
• Email: cert@cert.org

CERT website: http://www.cert.org/